示例#1
    def get_permissions(self):
        """Return the permission instances to enforce for the current request.

        POST is open to any caller (``AllowAny``). Every other method, reads
        included, requires ``IsAuthenticated`` and ``IsAccountOwner``.
        """
        verb = self.request.method

        # POST is the only verb served without authentication here. The
        # SAFE_METHODS test comes first, as in the original ordering, so a
        # safe verb never reaches the POST comparison.
        if verb not in permissions.SAFE_METHODS and verb == 'POST':
            return (permissions.AllowAny(),)

        # NOTE(review): IsAccountOwner is defined outside this snippet. If it
        # only implements has_object_permission, it takes effect solely on
        # views that go through get_object()/check_object_permissions(); list
        # responses would then need queryset filtering as well -- confirm.
        return (permissions.IsAuthenticated(), IsAccountOwner())
示例#2
文件: views.py 项目: cpuloader/schat
    def get_permissions(self):
        """Return the permission instances for the current request method.

        Every method requires an authenticated caller. GET and the methods
        that are neither safe nor POST additionally require
        ``IsAccountOwner``.
        """
        verb = self.request.method

        # Author's stated intent for GET: a user can't get random users,
        # only search by email -- hence the owner check on GET.
        #
        # NOTE(review): the remaining SAFE_METHODS (HEAD and OPTIONS in DRF)
        # and POST are checked with IsAuthenticated only, so they skip the
        # owner check that GET gets -- confirm that is intended.
        if verb != 'GET' and (verb in permissions.SAFE_METHODS or verb == 'POST'):
            return (permissions.IsAuthenticated(),)

        return (permissions.IsAuthenticated(), IsAccountOwner())
示例#3
    def get_permissions(self):
        """Pick the permission instances by HTTP method.

        Safe (read-only) methods and POST are served to any caller. The
        remaining methods (update and delete, per the original comment) are
        limited to the authenticated owner of the account.
        """
        verb = self.request.method
        restricted = verb not in permissions.SAFE_METHODS and verb != 'POST'

        if restricted:
            return (
                permissions.IsAuthenticated(),
                IsAccountOwner(),
            )

        # NOTE(review): AllowAny on reads means account data is returned to
        # unauthenticated callers; which fields that exposes depends on the
        # serializer and queryset, neither of which is shown here -- confirm
        # they omit anything private.
        return (permissions.AllowAny(),)
    def get_permissions(self):
        """Return the permission instances for the current request method.

        Safe methods such as GET, and POST (account creation), are open to
        everyone. Everything else is restricted to the authenticated account
        owner.
        """
        verb = self.request.method

        # Reads and account creation need no credentials.
        # NOTE(review): unauthenticated account creation is usually paired
        # with throttling or similar abuse controls; none is visible in this
        # snippet -- confirm it is configured elsewhere.
        if verb in permissions.SAFE_METHODS or verb == 'POST':
            return (permissions.AllowAny(),)

        return (permissions.IsAuthenticated(), IsAccountOwner())
示例#5
    def get_permissions(self):
        """Return the permission instances for the current request method.

        Methods in ``permissions.SAFE_METHODS`` and POST are open to any
        caller. All other methods require an authenticated account owner.
        """
        verb = self.request.method

        # POST is not one of DRF's SAFE_METHODS (GET, HEAD, OPTIONS), which
        # is why it is compared separately: the author wants anyone to be
        # able to create an account.
        anonymous_ok = verb in permissions.SAFE_METHODS or verb == 'POST'

        return (
            (permissions.AllowAny(),)
            if anonymous_ok
            else (permissions.IsAuthenticated(), IsAccountOwner())
        )
示例#6
文件: views.py 项目: rwrobe/daisy
    def get_permissions(self):
        """Return the permission instances for the current request method.

        Read-only (safe) methods and POST are open to anyone. Any other
        method must come from a logged-in user who passes ``IsAccountOwner``.
        """
        verb = self.request.method

        if verb in permissions.SAFE_METHODS:
            # Not an update or delete: reads are public.
            granted = (permissions.AllowAny(),)
        elif verb == 'POST':
            # Anyone may create an account.
            granted = (permissions.AllowAny(),)
        else:
            # The caller must be logged in and acting on their own account.
            # NOTE(review): IsAccountOwner is not shown; if it is an
            # object-level check it only runs on views that call
            # get_object()/check_object_permissions() -- confirm.
            granted = (
                permissions.IsAuthenticated(),
                IsAccountOwner(),
            )

        return granted
示例#7
 def get_permissions(self):
     """Return the permission objects for the current request method.

     Requests using a method in SAFE_METHODS (GET, HEAD, OPTIONS), and POST
     requests that create a new user, are open to anyone. All other methods
     require authentication and ownership of the Account.

     TODO: we might want only authenticated users to be able to view
         Account info for other users.
     """
     verb = self.request.method
     needs_owner = not (verb in permissions.SAFE_METHODS or verb == 'POST')

     if needs_owner:
         return (permissions.IsAuthenticated(), IsAccountOwner())

     # Until the TODO above is resolved, Account reads are served to
     # unauthenticated callers as well.
     return (permissions.AllowAny(),)
示例#8
    def get_permissions(self):
        """Return the permission instances for the current request method.

        Methods in ``permissions.SAFE_METHODS`` and POST get ``AllowAny``.
        Every other method gets ``IsAuthenticated`` plus ``IsAccountOwner``.
        """
        verb = self.request.method

        # Read-only requests are public.
        if verb in permissions.SAFE_METHODS:
            return (permissions.AllowAny(),)

        # POST is public too (presumably account creation -- the snippet
        # does not say; confirm against the view).
        if verb == "POST":
            return (permissions.AllowAny(),)

        return (permissions.IsAuthenticated(), IsAccountOwner())
示例#9
 def get_permissions(self):
     """Return a one-element tuple holding an ``IsAccountOwner`` instance.

     The same permission applies to every HTTP method, and no
     ``IsAuthenticated`` check is combined with it.
     """
     # NOTE(review): IsAccountOwner is defined outside this snippet. DRF's
     # BasePermission.has_permission returns True by default, so if the class
     # overrides only has_object_permission, requests that never reach an
     # object-level check (e.g. list or create) are not restricted by it --
     # confirm against the class definition.
     owner_check = IsAccountOwner()
     return (owner_check,)